Okta revealed that its private GitHub repositories were hacked this month

American identity and access management giant Okta revealed that that its private GitHub repositories were hacked this month.

Okta revealed that its private GitHub repositories were hacked this month, the news was first reported by BleepingComputer which had access to ‘confidential’ email notification sent by Okta.

According to the notification threat actors have stolen the Okta’s source code.

“As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.” reads the email sent by the company “We have since reviewed all recent access to Okta software repositories hosted by GitHub to understand the scope of the exposure, reviewed all recent commits to Okta software repositories hosted with GitHub to validate the integrity of our code, and rotated GitHub credentials. We have also notified law enforcement.”

The security breach was discovered by GitHub earlier this month when the company noticed suspicious access to Okta’s code repositories.

“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” writes David Bradbury, the Okta Chief Security Officer (CSO) in the mail.

According to the notification, intruders did not gain access to its service or customer data

Okta states that “HIPAA, FedRAMP or DoD customers” were not affected.

The incident is related to the Okta Workforce Identity Cloud (WIC) code repositories and doesn’t impact Auth0 Customer Identity Cloud products. 

The company announced to have taken steps to prevent threat actors can use the stolen code to access company or customer environments.

In March 2022, the Lapsus$ extortion group has stolen sensitive data from Okta, including customer data, and published screenshots of the stolen data on its Telegram channel.

The company launched an investigation into the claims of a data breach, while the CEO Todd McKinnon confirmed that in late January 2022 the company detected an attempt to compromise the account of a third-party customer support engineer working for one of its subprocessors.

The company revealed that the security breach impacted 2.5% of its customers (approximately 375), but pointed out that they have no action that should do. The Lapsus$ extortion group compromised the laptop of one of its support engineers that allowed them to reset passwords for some of its customers.

Investigators discovered that the attackers had access to the laptop for five days starting from January 16, 2022.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, GitHub)

[adrotate banner=”5″]

[adrotate banner=”13″]